McAfee SG310 Administration Manual page 300

VPN menu features
IPSec failover
Table 22 Primary IPSec tunnel – Headquarters UTM Firewall configuration <Comment>(continued)
Field
Dead Peer Detection
Remote Required Endpoint ID
Preshared Secret
Local Network 1
Remote Network 1
Local Network 2
Remote Network 2
Table 23 Primary IPSec tunnel – Branch Office UTM Firewall configuration
Field
Tunnel name
Local interface
Keying
Local address
Remote address:
Local Required Endpoint ID
Dead Peer Detection
Remote Required Endpoint ID
Preshared Secret
Local Network 1
Remote Network 1
Local Network 2
Remote Network 2
Once this primary IPSec tunnel is running and working, disable the primary tunnel at both the Branch
3
Office and Headquarters UTM Firewalls by deselecting the associated checkbox on the IPSec screen.
Set up the "secondary" IPSec tunnel with two subnets on both the Headquarters and the Branch office
4
UTM Firewalls and make sure that it is working. For each field, use the default values unless an alternative
setting is given in
Table 24 Secondary IPSec tunnel – Headquarters UTM Firewall configuration
Field
Tunnel name
Local interface
Local interface gateway
Keying
Local address
Remote address:
Local Optional Endpoint ID
Dead Peer Detection
Remote Required Endpoint ID
Preshared Secret
Local Network 1
Remote Network 1
Local Network 2
Remote Network 2
300 McAfee UTM Firewall 4.0.4 Administration Guide
Value
enabled
primary@branch
<primary secret>
192.168.1.0/24
192.168.2.0/24
192.168.11.1/32
192.168.12.1/32
Value
primary
default gateway interface
Aggressive mode (IKE)
dynamic IP address
static IP address
primary@branch
enabled
primary@HQ
<primary secret>
192.168.2.0/24
192.168.1.0/24
192.168.12.1/32
192.168.11.1/32
Table 24 or Table 25.
Value
secondary
<select interface for secondary
link>
Use Interfaces Default Gateway
Aggressive mode (IKE)
static IP address
dynamic IP address
secondary@HQ
enabled
secondary@branch
<secondary secret>
192.168.1.0/24
192.168.2.0/24
192.168.11.1/32
192.168.12.1/32